Websense Security Labs™ has observed a spam/fraud campaign whereby a user is redirected from a real news site to a fake news site. In this case the real site is msnbc.com, which belongs to the well-known cable and satellite channel MSNBC. We have discovered that cyber criminals appear to have gained...

Websense® Security Labs™ ThreatSeeker® Intelligence Cloud has identified a LinkedIn profile configured to use social engineering techniques in order to target fellow LinkedIn users. Here at Websense we refer to The 7 Stages of Advanced Attacks. This model of describing the kill chain discusses Stage 1: Reconnaissance - the act of uncovering information that will facilitate the attacker to conduct a later, more successful attack . We believe that this particular campaign may be a precursor to a more specialized targeted attack.

An ongoing, large-scale injection campaign has been raging for the
last 6 months. This campaign utilises a toolkit, dubbed CookieBomb (due
to its signature use of cookies), which is fascinating not only in its
apathy toward a particular platform, but also the code used in the
injections, and way in which it has evolved to escape and evade
traditional AV platforms and structures. This blog will:

describe the evolution of not only the raw code involved in these
attacks, but also the delivery mechanisms with which users are lured to
infected, or outright malicious, pages

The report details mobile, social, email and web-based threats, and
while it is full of ominous data points, it is a very interesting read.
The report is designed to help security professionals keep current with
threat trends and improve the effectiveness of existing security
solutions. It can also be used to identify and prioritize security gaps
that may require new approaches and more innovative strategies.

Creating the report began with the ThreatSeeker® Network,
composed of big data clusters used by the WSL to collect and manage up
to 5 billion inputs each day from 900 million global endpoints. Malware
samples, mobile applications, email content, web links and other
information were then passed through deep analysis processes including
our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.

With Christmas fast approaching, the Websense® ThreatSeeker™ network, replete with festive sleigh bells and twinkling lights, has detected a marked increase in spam emails seeking to exploit fans of the big man himself: Santa Claus. Whilst Santa, along with his ever loyal team of elves, reindeer and of course Mrs Claus, are no doubt working their way through the mountain of letters and wish lists from the world’s good little boys and girls, some bad little boys and girls are looking to capitalize on his backlog of correspondence by claiming to offer alternative services thus ensuring that your ‘little ones’ receive personalized responses.

Many of our colleagues, customers and readers would have now enjoyed their fill of turkey and pumpkin pie for Thanksgiving and are preparing for a second day of festivities with the arrival of Black Friday. This traditionally, for North American retailers and consumers, marks the start of the holiday shopping season and although it is not observed for many as a national holiday, more and more retailers across the globe are launching Black Friday promotions in order to entice consumers and increase sales. Additionally, given that Black Friday is typically a physical 'bricks-and-mortar' retail affair, online retailers seek to continue the shopping frenzy with additional offers, promotions and sales with Cyber Monday, a marketing term coined in 2005 by Shop.org.

The Websense® ThreatSeeker® Network has detected a spam campaign that tries to exploit recipients' interest in the current presidential campaign in the US. Specifically, we have detected thousands of emails with this kind of content:

As noted recently, we are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages.

The Websense® ThreatSeeker® Network has detected a phishing campaign whose potential victims are holders of an Apple ID account. An Apple ID allows you to buy new apps, make a customer workshop reservation at an Apple Retail Store, or buy music and multimedia content from the iTunes Store. You...

Here at Websense® Security Labs, we often blog about big malicious campaigns and how our products protect our customers from them. But what about smaller campaigns that are no less dangerous?

Broad campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns sometimes can be as (or even more) dangerous by bypassing the victim's defenses.

Last week, the Websense ThreatSeeker® Network intercepted one such campaign. This small-volume, malicious campaign targeted businesses with legitimate-looking email that refer to items like purchase orders, quotes, and supply information. All of these email had attachments that install variants of the popular Zeus malware on the victim's computer.

Websense Cloud Email Security quarantined these email as containing a potential virus before most of the malicious attachments were detected by antivirus (AV) engines. ACE, our Advanced Classification Engine, provides the extra layers of protection that help Websense Cloud Email Security protect customers against a wide array of threats.